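---
# This workflow integrates ShiftLeft NG SAST with GitHub
# Visit https://docs.shiftleft.io for help
name: ShiftLeft

on:
  pull_request:
  workflow_dispatch:

# Least privilege: the analysis job only reads the checked-out repository,
# so the default GITHUB_TOKEN is restricted to read-only contents access.
permissions:
  contents: read

jobs:
  NextGen-Static-Analysis:
    runs-on: ubuntu-20.04
    steps:
      # NOTE(review): a mutable tag can be re-pointed by the action's owner;
      # consider pinning to the full commit SHA of a maintained release.
      - uses: actions/checkout@v2
      - name: Download ShiftLeft CLI
        # --fail stops an HTTP error page from being saved and marked
        # executable. NOTE(review): the binary runs with
        # SHIFTLEFT_ACCESS_TOKEN in its environment and is not
        # integrity-checked here; if the vendor publishes a checksum or
        # signature, verify it before the chmod.
        run: |
          curl --fail --silent --show-error https://cdn.shiftleft.io/download/sl --output "${GITHUB_WORKSPACE}/sl"
          chmod a+rx "${GITHUB_WORKSPACE}/sl"
      - name: Extract branch name
        shell: bash
        # Written through the GITHUB_OUTPUT file; the set-output workflow
        # command is deprecated.
        run: echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"
        id: extract_branch
      - name: NextGen Static Analysis
        # The branch name is passed through the environment and quoted.
        # github.head_ref is chosen by whoever opens the pull request, and
        # expanding it with ${{ }} directly inside `run:` would splice that
        # text into the shell script before bash parses it.
        run: |
          "${GITHUB_WORKSPACE}/sl" analyze --wait --app theHarvester \
            --tag "branch=${BRANCH_TAG}" --python "$(pwd)"
        env:
          # Repository secrets are not exposed to pull_request runs that
          # originate from forks, so this value is empty for those runs.
          SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
          BRANCH_TAG: ${{ github.head_ref || steps.extract_branch.outputs.branch }}

## Uncomment the following section to enable build rule checking and enforcing.
## (Remove only the first '#' of each line; the remaining indentation places
## the job under `jobs:`.)
#  Build-Rules:
#    runs-on: ubuntu-latest
#    needs: NextGen-Static-Analysis
#    # NOTE(review): --report together with --github-token presumably posts
#    # to the pull request; with the read-only workflow permissions above
#    # this job would then need its own `permissions:` block - confirm
#    # against the ShiftLeft documentation.
#    steps:
#      - uses: actions/checkout@v2
#      - name: Download ShiftLeft CLI
#        run: |
#          curl --fail --silent --show-error https://cdn.shiftleft.io/download/sl --output "${GITHUB_WORKSPACE}/sl"
#          chmod a+rx "${GITHUB_WORKSPACE}/sl"
#      - name: Validate Build Rules
#        # Expression values are passed through env and quoted so that
#        # pull-request-controlled text is never expanded into the script.
#        run: |
#          "${GITHUB_WORKSPACE}/sl" check-analysis --app theHarvester \
#            --source "tag.branch=${BASE_BRANCH}" \
#            --target "tag.branch=${HEAD_BRANCH}" \
#            --report \
#            --github-pr-number="${PR_NUMBER}" \
#            --github-pr-user="${PR_USER}" \
#            --github-pr-repo="${PR_REPO}" \
#            --github-token="${GITHUB_TOKEN}"
#        env:
#          SHIFTLEFT_ACCESS_TOKEN: ${{ secrets.SHIFTLEFT_ACCESS_TOKEN }}
#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#          BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
#          # steps.extract_branch is not defined in this job, so the
#          # fallback is empty for runs that have no head_ref.
#          HEAD_BRANCH: ${{ github.head_ref || steps.extract_branch.outputs.branch }}
#          PR_NUMBER: ${{ github.event.number }}
#          PR_USER: ${{ github.repository_owner }}
#          PR_REPO: ${{ github.event.repository.name }}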